Last Call Review of draft-josefsson-kerberos5-starttls-
review-josefsson-kerberos5-starttls-secdir-lc-nystrom-2009-12-24-00
| Request | Review of draft-josefsson-kerberos5-starttls |
|---|---|
| Requested revision | No specific revision (document currently at 09) |
| Type | Last Call Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2009-12-24 |
| Requested | 2009-12-11 |
| Authors | Simon Josefsson |
| I-D last updated | 2009-12-24 |
| Completed reviews | Secdir Last Call review of -?? by Magnus Nyström; Secdir Telechat review of -?? by Magnus Nyström |
| Assignment | Reviewer: Magnus Nyström |
| State | Completed |
| Request | Last Call review on draft-josefsson-kerberos5-starttls by Security Area Directorate Assigned |
| Completed | 2009-12-24 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a new Kerberos extension to allow Kerberos protocol runs over TLS. I do not have any general issues with this document, but a few questions/comments:

Section 1: "The TLS protocol has been studied by many parties. In some threat models, the designer prefer to reduce the number of protocols that can hurt the overall system security if they are compromised." This statement seems to me like a strange reason to motivate this work - Kerberos is equally well studied (at least) as TLS, and this memo does not reduce the number of protocols in the system (cf. the recent TLS renegotiation vulnerability).

Section 3: In the packet flow, why are the first two Kerberos exchanges ([0x70000000 & STARTTLS-bit] and [0x00000000]) within square brackets? Is it because they're seen as a separate protocol, or some other reason? A clarification would be helpful.

Section 5: "Use of TLS, even without server certificate validation, protects against some attacks that Kerberos V5 over UDP/TCP do not. Requiring server certificates to be used at all times would enable attacks in those situations":

a) It would be useful to give examples of attacks that unauthenticated TLS protects against that Kerberos V5 does not protect against.

b) The last sentence is ambiguous - if server certs are required and the client verifies them, I do not see what attacks would be enabled. I assume the last sentence intends to say that requiring server certs to be used when clients cannot validate will enable some attacks, but I am not sure.

Section 5: "When clients have the ability, they need to be able to validate the server certificate". I suggest rephrasing to: "When clients have the ability, they MUST validate the server certificate" (or at least SHOULD).

Best,
-- Magnus
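The two bracketed exchanges the review asks about are the pre-TLS negotiation words on the TCP connection. The following added example (not part of the review or of the draft) models that framing on both sides: it assumes the RFC 5021 convention that a 4-octet word with the high bit set is an extension word rather than a message length, uses the 0x70000000 marker and 0x00000000 reply quoted in the review, and uses a placeholder value for the STARTTLS bit because the registered bit is not given on this page.

```python
import struct
from typing import Optional

# Constants taken from the packet flow quoted in the review. STARTTLS_BIT is a
# placeholder: the registered bit value is not on this page, so it is assumed here.
EXTENSION_FLAG = 0x80000000   # RFC 5021 convention (assumed here): high bit marks an extension word
STARTTLS_MARKER = 0x70000000  # value quoted in the review's packet flow
STARTTLS_BIT = 0x00000001     # ASSUMED placeholder, not a registered value
SERVER_ACCEPT = 0x00000000    # reply quoted in the review's packet flow


def encode_starttls_request() -> bytes:
    """Client's first 4-octet word: extension flag, marker and the STARTTLS bit."""
    return struct.pack("!I", EXTENSION_FLAG | STARTTLS_MARKER | STARTTLS_BIT)


def classify_word(word: bytes) -> dict:
    """Tell a plain Kerberos-over-TCP length prefix from an extension word."""
    if len(word) != 4:
        raise ValueError("Kerberos TCP framing needs exactly 4 octets")
    (value,) = struct.unpack("!I", word)
    if not value & EXTENSION_FLAG:
        # High bit clear: this is an ordinary message length, no extension requested.
        return {"kind": "length", "length": value}
    bits = value & ~EXTENSION_FLAG
    return {"kind": "extension", "bits": bits,
            "starttls": bits == (STARTTLS_MARKER | STARTTLS_BIT)}


def server_reply(word: bytes) -> Optional[bytes]:
    """Server side: answer a STARTTLS request with 0x00000000; anything else is
    not a STARTTLS negotiation (None models declining / closing the connection)."""
    parsed = classify_word(word)
    if parsed["kind"] == "extension" and parsed["starttls"]:
        return struct.pack("!I", SERVER_ACCEPT)
    return None


def client_proceeds_to_tls(reply: Optional[bytes]) -> bool:
    """Client side: only an exact 0x00000000 reply means 'start the TLS handshake
    now'. The reply is sent in cleartext before any TLS protection exists, so a
    missing or different reply is treated as failure, never as a cue to continue
    the Kerberos exchange without TLS."""
    return reply == struct.pack("!I", SERVER_ACCEPT)
```

Everything exchanged up to and including the 0x00000000 reply is unauthenticated, which is why the client's decision is strict equality and why the certificate-validation point raised for Section 5 matters once the handshake begins.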